# Keystore AWS Parameter Store (recommended)

Follow these steps to set up your keystore passphrase on AWS Parameter Store.

## Add to parameter store

1. Go to *Systems Manager*\*
2. Click on **Parameter Store** under Application Management on left sidebar
3. Click on \**Create parameter* button
4. Steps
   1. Name: */Hop/Bonder/Keystore/Pass*
   2. Check **SecureString** under Type
   3. Enter keystore password in the *Value* text field
   4. Click the **Create parameter** button

## Attach policy to role

1. Go to IAM
2. Click on **Roles** on left sidebar
   1. Filter for your EC2 Role. E.g. *HopNodeEC2Role*
   2. Click on role link
3. Click on **Attach policies button**
4. Click on **Create policy** button (this will open a new tab)
   1. Service: **Systems Manager**
   2. Check **Read**
   3. Check **GetParameter**
   4. Resources
      1. Add ARN
      2. Region: **us-east-1**
      3. Parameter name: *Hop/Bonder/\**
   5. Click on **Next: Tags** button
   6. Click on **Next: Review** button
   7. Policy
   8. Name: *HopNodeParameterStorePolicy*
   9. Click on **Create policy** button
   10. You may now close this tab.
5. Back on main tab
6. Click refresh button
7. Filter for *HopNodeParameterStorePolicy*
8. Check box next to policy name
9. Click the **Attach policy** button

## Config

Update your config `~/.hop/config.json` to use the password from Parameter Store:

***Note**: The entirety of the config file will be explained in the next section, so feel free to move on and return here when you need to add the keystore config.*

```json
{
  "keystore": {
    "location": "~/.hop/keystore.json",
    "parameterStore": "/Hop/Bonder/Keystore/Pass",
    "awsRegion": "us-east-1"
  }
}
```